This course provides an in-depth study of several topics related to the development and deployment of secure distributed systems. Today, in a global market, organizations and individuals need to be interconnected among them and through the Internet, in order to provide information and services to users, create relations between partners and do business. In this open environment, several kinds of threads exist, perpetrated by a range of individuals. This course will focus on state-of-the-art technologies and solutions for building systems and conducting secure operations in this potentially adverse environment. Pre-requisites are Introduction to Computer Security, and it is expected that students have at least introductory notions of: computational systems and computer networks; operating systems and distributed systems.
The course achieves a balanced coverage of: in-depth study of some cryptographic algorithms and mechanisms previously addressed at introductory level; and insight into the implementation of secure distributed systems. The cryptography part addresses basic theory of hash and encryption, studies some popular algorithms, and discusses limitations of these techniques. The system and network security part deals with public key infrastructures, and secure communication on the Internet. In addition, crucial applications such as secure email and electronic payment are also covered.
The lecture concepts are complemented through two medium sized hands-on projects. The first one comprises the implementation, optimization and experimental evaluation of a well-known cryptographic algorithm. The second project is about the design and implementation of a secure (real or simulated) distributed application. These projects introduce students to the practical difficulties and trade-offs of developing cryptographic and security techniques and their use to protect a system.